ACME (Let's Encrypt protocol) component for Delphi Tokyo and Rio
(c)2018-2020 by Execute SARL
TExecuteACME component let you request a "Let's Encrypt" certificate for you domain.
The component supports HTTP Challenge, you can use a self hosted WebServer (TidHTTPServer) to validate the certificate or use the OnHttpChallenge event to store the challenge reply on your website.
In both case you need to manage the domain's HTTP (not HTTPS) server.
this component is compatible with Delphi Berlin 10.1, Tokyo 10.2.3 and Rio 10.3 (even the Community Edition).
New: this repository contains Rio compatible DCU (Win32, Win64 and Linux) for testing purpose only, they accepts only Staging environment.
- Download the repository
- Open ACMEGroup.groupproj
- Right click on the project "Execute.ACMEDesign.bpl" and install it
- Select the ACMEDemo project
- Compile and run the Application
the application requires OpenSSL (for Windows : libeay32.dll and ssleay32.dll) on the first start, the application can create Account.key and Domain.key for you, (generating a 4096bits take some time, this is normal).
Account.key will be your Let's Encrypt account private key, place it on a safe place (with a password).
Domain.key is the private key for the domain (same recommandations).
How does it work ?
(you have to do this periodically because the certificate lives only for 90 days !)
1. Registration request
TExecuteACME.RegisterDomain(); -> Account.key -> register a Let's Encrypt account. -> Domain.key -> send a Certification Signing Request. -> OnHttpChallenge -> store the challenge Token & Thumbprint. -> OnDone -> the certificate is not ready yet, try later.
2. HTTP Challenge
Let's Encrypt -> http://(domain)/.well-known/acme-challenge/(token) <- Thumbprint
3. Retrieve the certificate
TExecuteACME.FinalizeDomain(); -> Account.key -> Retrieve account status. -> Domain.key -> Retrieve the Certificate from Let's Encrypt. -> OnCertificate -> store the updated certificate.
4. Revoke certificate (if required)
TExecuteACME.UnRegisterDomain(); -> Domain.key -> Revoke Certificat -> OnDone -> the certificate is revoked.
Better error handling with error report
SubjectAltNames let you define alternative names for the DomainName
new OrderURL and OrderStatus properties
FinalizeDomain is now used (with OrderURL) to retrieve the last requested Certificat
OnHttpChallenge has a new parameter Processed to let you delay the challenge (call FinalizeDomain when the challenge is ready, the event will be fired again and then you can set Processed to True)
Support for POST-as-GET protocol change.
Support for 64bits and Linux
Suport for synchronous calls with *Now methods
this repository contains the full source code of the demo application for the CLOSED SOURCE component TExecuteACME.
This component is NOT FREE !
You have to register a licence to use it in any commercial product
you are NOT allowed to use this component to register a commercial website certificate without a registered licence.
You can buy the component source code for 50€ per developper up to 200€ (site licence).
Minor version updates indefinitely and major version updates for 1 year from date of purchase.
If I sell 100 licences (5.000€), the component will be released under GPL :)
Even then you'll still be able to buy a commercial licence for my part of the component.
Feedbacks are welcome.